Hackers breached Washington state court with Adobe ColdFusion flaw

Summary:Hackers used Adobe software to stage a data breach that left up to 160,000 Social Security numbers exposed.

Hackers used a flaw in Adobe's ColdFusion software to breach Washington state's Administrative Office of the Courts.

The hackers may have accessed as many as 160,000 Social Security numbers and up to one million drivers license numbers, according to a statement by the court on Thursday.

The court has only confirmed that 94 Social Security numbers were definitely taken, however, and believes the breach occurred sometime between last autumn and February this year, according to Associated Press. It also confirmed the breach happened due to a flaw in Adobe's web application platform, ColdFusion. 

The court has released details of the breach here. However, the site is currently 'down for scheduled maintenance'.

Anyone that was booked into a city or county jail in Washington state between September 2011 and December 2012 may have had their Social Security numbers exposed. The driver's license numbers of people charged with driving offenses in the state's superior court criminal system between 2011 and 2012 could also have been exposed.

The court discovered the hack in February and has since patched its Adobe software.

While Adobe's Reader and Flash, along with Java, still remain the top targets for exploit kits, hackers appear to be targeting ColdFusion with greater frequency.

Adobe this week released its fourth security update in 2013 for critical flaws in ColdFusion. It was the third patch this year which followed reports that new ColdFusion vulnerabilities were being exploited in the wild. Adobe only released four patches for ColdFusion during 2012. 

Topics: Security, Government : US


Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.